tag:www.schneier.com,2015:/blog//2/tag:www.schneier.com,2013:/blog//2.4872-2015-05-13T02:14:22ZComments for Preventing Cell Phone Theft through Benefit DenialA blog covering security and security technology.Movable Typetag:www.schneier.com,2013:/blog//2.4872-comment:5126460Comment from The New HTC One on 2014-03-25The New HTC Onehttp://thenewhtcone.blogspot.com/
It happens to be a great along with useful little bit of details. My business is thankful that you simply discussed this helpful information and facts with us. You need to stay all of us up-to-date this way. Appreciate your spreading.]]>
2014-03-25T19:27:44Z2014-03-25T19:27:44Ztag:www.schneier.com,2013:/blog//2.4872-comment:5126118Comment from The New HTC One on 2014-03-25The New HTC Onehttp://thenewhtcone.blogspot.com/
It's actually an awesome plus beneficial bit of details. I'm just thankful that you simply shared this useful data around. Be sure to continue to be people informed similar to this. Thank you for discussing.]]>
2014-03-25T19:00:22Z2014-03-25T19:00:22Ztag:www.schneier.com,2013:/blog//2.4872-comment:1550977Comment from Shackleford Hurtmore on 2013-06-30Shackleford Hurtmorehttp://shacklemore.blogspot.com
My thoughts:

1. Imagine how Occupy Wall Street would have gone down if all the mobile phones from out of town suddenly got kill switched. A government could use metadata about normal roaming patterns to identify people who don't normally visit Wall Street and disable only those phones. "A Protest? What protest?" Meanwhile, the banks on Wall Street grind on unaffected.

2. Like needing ID to fly on a plane ticket benefitting airlines by stopping resale of un-needed tickets; this will probably become more about phone companies being able to disable phones to force people to buy new phones on new plans. Missed a payment on your plan? Phone disabled. Buy a new one.

]]>
2013-07-01T00:58:23Z2013-07-01T00:58:23Ztag:www.schneier.com,2013:/blog//2.4872-comment:1550244Comment from Martin Scorkaysersoze on 2013-06-30Martin Scorkaysersoze
<pacinovoice>Trust! ..... It's a bitch!</pacinovoice>]]>
2013-06-30T16:31:14Z2013-06-30T16:31:14Ztag:www.schneier.com,2013:/blog//2.4872-comment:1548835Comment from MikeA on 2013-06-29MikeA
"Find my iPhone" would be a lot more attractive (just for those times we forget where we left it) if it didn't require switching to iCloud, or iCloud didn't pose unacceptable risk to all devices synced to that AppleID. I'd be delighted to hear that is (no longer?) true, but the local Geniuses emit only bafflegab.

As for "a unique key given only to the buyer", how the heck do you ensure that? That is, how does a customer of a major manufacturer and carrier ensure that their desires are more relevant to those entities than the desires of various TLAs, or even business partners? Laws clearly don't work for that. Nor does a constitution, in countries that have one.

]]>
2013-06-29T15:29:10Z2013-06-29T15:29:10Ztag:www.schneier.com,2013:/blog//2.4872-comment:1548522Comment from dinosaur on 2013-06-29dinosaur
Credit cards.
We already own a personal device implementing paranoid security rules.
The result: zero flexibility for legitimate users needing to go beyond the standard parameters of the service for an emergency, and zero deterrence for thieves that knows the means to sqeeze every possible buck out of the card before getting it blocked, exploiting all loopholes that even legitimate users ignore, making the credit card theft possible and profitable.
My 2 c: when security / freedom tradeoff worsen, it strikes far before honest citizens rather than criminals that are more aware about how circumventing the system.
Mass security systems always failed that way, becoming more inconvenient and costly than properly targeted intelligence, surveillance, prevention and investigation.]]>
2013-06-29T09:08:22Z2013-06-29T09:08:22Ztag:www.schneier.com,2013:/blog//2.4872-comment:1548436Comment from Birch on 2013-06-29Birch
I can see that this may help reduce theft where the phone is the target BUT anecdotally in the majority of street crime cases the thief throws away the phone later - taking it is a delaying tactic to delay the victim cancelling credit/debit cards which have been taken for long enough that they can be used once or twice to get ready cash.

The use of chip & pin technologies has helped to reduce this problem, but now we're all being persuaded that contactless/near field payment systems are "hip and trendy"** the problem is coming back.

** and yes I find the "retro is cool" trends in adverts to be irritating too !

]]>
2013-06-29T07:41:02Z2013-06-29T07:41:02Ztag:www.schneier.com,2013:/blog//2.4872-comment:1548324Comment from h4xx on 2013-06-29h4xx
Forgot to note, the same z3x team that hacks imei firmware will defeat this remote kill hardware benefit denial solution pretty easily. There's also plenty of leaked manufacturer software floating around like Samsung's Odin, this will get leaked too.

I'm also positive there will be a Defcon presentation after they roll this out of how they figured out how to spoof the remote kill requests to start denial of service attacking phones. If there's secure keys involved then gangsters will either bribe people who work there to hand them over, or carriers will use a default key that will be leaked.

Interesting that law enforcement doesn't want laptops to have the same remote kill switch yet they get stolen just as much. Guess it's easier to build spying backdoors into the small handful of major handset manufacturers than it is every laptop company on earth.

]]>
2013-06-29T05:53:24Z2013-06-29T05:53:24Ztag:www.schneier.com,2013:/blog//2.4872-comment:1548177Comment from h4xx on 2013-06-28h4xx
The phone theft that goes on here according to carriers and cops is snatch and grabs usually on public transit by drug addicts. They also grab off patios and people waiting in line. Enabling a remote kill switch is totally useless.

The junkies hand the phone off to various organized crew members on the street who ensure airplane mode is on, stay awake is enabled to prevent screen lock (though can be easily bypassed, most only allow PINs), and either drop it in a stainless steel martini shaker for a good makeshift faraday cage or a proper cage bag they bought off the internet. They pay 1/4 if that of the value of the phone to the drug addict then take it back to a stash house somewhere that has a makeshift faraday caged room.

They siphon the data with carded forensic software or freely available other methods and tools, determine if anything is worth selling on crime forums like stored banking passwords and cards, or they use the online billing password on a separate device that can be used to buy more phones by sending instant credit to another account they control, then they walk in to a store with fake ID for that account, sign a phony 3yr contract and walk out with a new S4 or HTC One or have it mail ordered to a drop.

Bonus: maybe the theft victim is wealthy and they can extort them from the stored pictures or emails/texts from mistresses.

IMEI is changed, then re-flash the phone either with their own backdoored o/s and sell it for later ID theft, or reset back to default build and sell it.

Unless you keep another phone handy to instantly kill switch the stolen phone seconds after they snatch it ,you're screwed and even if you did kill the phone nothing to stop them from re-flashing or resetting the device back to manufacturer default build to be sold. Investment to do this: minimal.

How do I know they do this? Because that's what I would do if I was a meth addicted dimebag ex-con running a petty street stealing crew that snatched phones off the subway. If they aren't already doing this, they will be after the first few arrests and they figure out faraday cages. This kill switch is useless to protect against the crime the police here are trying to sell us on in order to force carriers to make them a backdoor which we all know will be used for surveillance instead or the first step for carriers to start remotely bricking devices that have been unlocked.

]]>
2013-06-29T03:29:36Z2013-06-29T03:29:36Ztag:www.schneier.com,2013:/blog//2.4872-comment:1548044Comment from Figureitout on 2013-06-28Figureitout
H4xx
--That's what I was thinking, aluminum foil or a jammer. Take the battery out quick, sit on it for like a year. It'll still be worth like $100.

Yet we have this social problem of theft that means that people probably can't find decent work and are getting desperate; that will continue to exist. And we just get more control and tracking (at the hardware level!!), as if we don't have enough.

I'd be willing to bet a lot of the theft comes from people being careless and leaving their phone out, not from actual stickups. I've certainly had the opportunity to steal at least 5 phones w/ practically no risk.

Such a trustful world, eh Bruce? Makes me want to live in a cave.

]]>
2013-06-29T01:39:40Z2013-06-29T01:39:40Ztag:www.schneier.com,2013:/blog//2.4872-comment:1547973Comment from Kyhwana on 2013-06-28Kyhwana
I'd only use such a kill-switch that I controlled both ends of. I'm not sure how that'd work. Perhaps having it try to contact a server I run every hours and only nuke itself if it gets back an answer saying "nuke yourself.". I'd rather no accidently DoS my own phone!

Or possibly write/run an app that nukes the phone if it gets a SMS with data, but again, that could accidently be triggered..

]]>
2013-06-29T00:09:59Z2013-06-29T00:09:59Ztag:www.schneier.com,2013:/blog//2.4872-comment:1547882Comment from onearmedspartan on 2013-06-28onearmedspartan
If they can kill it, I wonder if they can use the same principle to resurrect it? Not sure which is scarier. One makes your phone inoperable, the other makes it operable when you don't want to.]]>
2013-06-28T22:24:29Z2013-06-28T22:24:29Ztag:www.schneier.com,2013:/blog//2.4872-comment:1547829Comment from h4xx on 2013-06-28h4xx
Telecoms will solely use this kill switch to disable phones that are unlocked or if the SIM is switched to another carrier. You can already add remote (and not very secure) kill switches to Android phones for free if you wanted.

This wont stop phone theft either, because the thief can just put the device in a makeshift faraday cage or turn on airplane mode, then image the drive and either steal data, reflash new system.img or they can change the IMEI with cheap Russian software like Z3 imei changer

Police here where I live are ramping up the fear about cellphone theft I suspect its a prelude for kill switch and other backdoors that are really for spying.

If they really wanted to prevent phone theft they would demand carriers sell fully encrypted phones and bootloaders that can only be accessed by a key the customer generates. That will never happen because then they cant spy

]]>
2013-06-28T21:17:13Z2013-06-28T21:17:13Ztag:www.schneier.com,2013:/blog//2.4872-comment:1547810Comment from david on 2013-06-28david
It won't prevent theft. It might prevent phone theft. But thieves are still thieves and will steal something else. Thieves might even get angry and beat the victim when they find out the victim has a phone that could be bricked. Push a balloon in one place and it pops out another.]]>
2013-06-28T20:58:37Z2013-06-28T20:58:37Ztag:www.schneier.com,2013:/blog//2.4872-comment:1547795Comment from Christopher Smith on 2013-06-28Christopher Smith
@Q: If stolen phones are transported outside the US, there's probably no way to reliably invoke a nasty-type carrier-mediated kill switch anyway, and I don't think any other infrastructure is feasible as a default setup (though of course those rootkit-type user-installed antitheft systems might work).]]>
2013-06-28T20:44:17Z2013-06-28T20:44:17Ztag:www.schneier.com,2013:/blog//2.4872-comment:1547789Comment from Q on 2013-06-28Q
iPhone and Android-based phone thefts are a huge issue in my neighborhood. At a local safety meeting, the police stated that a large portion (likely over half) of the phones were destined to locations outside the US. That said, I'm not sure how valuable a carrier-based blacklist system would be.]]>
2013-06-28T20:39:27Z2013-06-28T20:39:27Ztag:www.schneier.com,2013:/blog//2.4872-comment:1547786Comment from Roxanne on 2013-06-28Roxanne
This is why I don't want a kill switch on my car. I don't want one that can be effected while a car is in motion, either, even if it means that cops could turn off a car they're chasing - the car then becomes an unguided missile, and that's just a bad idea. Sorry, kids, *I* get to decide if my car gets turned off or not.

But, honestly, in terms of a cellphone, if you report it stolen, it should become a brick. Not even you should be able to re-activate it. Phone providers become complicit in the theft if they re-activate a stolen phone under a new number, IMO.

I like the "Where's my phone?" apps that are available. There are some great stories of phone recovery out there. But I don't like the implications for tracking movements of innocent people - not even the implications for knowing if my son went straight home after school or detoured through Dairy Queen. The possibilities for abuse are just mind-boggling.

]]>
2013-06-28T20:38:45Z2013-06-28T20:38:45Ztag:www.schneier.com,2013:/blog//2.4872-comment:1547784Comment from NobodySpecial on 2013-06-28NobodySpecial
@Nicholas Weaver - but it's only a deterrent if it applies to all iPhones, is always used and all thieves know about it.
You need it to be common knowledge among thieves that a stolen iPhone is worthless, or at least only worth a small amount for parts]]>
2013-06-28T20:37:01Z2013-06-28T20:37:01Ztag:www.schneier.com,2013:/blog//2.4872-comment:1547771Comment from HJohn on 2013-06-28HJohn
@Christopher Smith: There seems to be a difference between a "kill switch" and what I've heard described, which is more of an IMEI blacklist.
________

Very good point.

To be fair, I think the term "kill switch" is fine for casual use, because it is more commonly understood than blacklist. May not be completely accurate, but casually people have a general understanding.

It's like "identity theft." Identities aren't stolen, they are impersonated. But casually, most understand what it means well enough for discussion sake.

]]>
2013-06-28T20:24:09Z2013-06-28T20:24:09Ztag:www.schneier.com,2013:/blog//2.4872-comment:1547755Comment from Christopher Smith on 2013-06-28Christopher Smith
There seems to be a difference between a "kill switch" and what I've heard described, which is more of an IMEI blacklist. Since it's pretty clear who the legitimate (initial) purchaser of a phone is, at least by account in the case of a prepaid, having a registry of IMEIs reported stolen shouldn't pose an objectionable security threat as long as the providers have appropriate incentives to restore service if phones are recovered. That approach isn't a "kill", it's admission control.]]>
2013-06-28T20:07:56Z2013-06-28T20:07:56Ztag:www.schneier.com,2013:/blog//2.4872-comment:1547754Comment from mrmcd on 2013-06-28mrmcd
Why can't we design a system where each phone ships with cryptographic key or activation code that is required to activate an anti-theft kill switch? The end user of the phone is given the only copy of the key when buying a new phone. If the phone is stolen, they can be give the key to the carrier to transit and activate the skill switch. Otherwise no one but the owner has the key and it can't be abused.

Worse case scenario, the user is careless and tosses the key along with the manual and packaging. The only negative consequence of this is the thief gets a working phone, same as we have now.

]]>
2013-06-28T20:05:28Z2013-06-28T20:05:28Ztag:www.schneier.com,2013:/blog//2.4872-comment:1547714Comment from tz on 2013-06-28tz
They can't seem to be able to cut off the non-prepaid plans when they go over the limits, e.g. roaming too near canada or mexico, or the phone gets stolen resulting in $10k phone bills (in "emergencies", a call to customer service with lots of identifying data to remove the cap). That would be a change that would benefit consumers too, but won't happen.

Right now stolen phones can't be reactivated (in the USA) - but you can theoretically use the wifi - but aren't there "wheres my phone" capabilities?

]]>
2013-06-28T19:37:50Z2013-06-28T19:37:50Ztag:www.schneier.com,2013:/blog//2.4872-comment:1547675Comment from HJohn on 2013-06-28HJohn
@: "1) it's not possible for thieves to resurrect phones in order to resell them"

I don't think this one is a must. It's also possible to remove the ink tags from clothing, but that doesn't render them useless as a deterrent measure. It is about reducing the risk, not eliminating it.
_________

@: "2) that it's not possible to turn this system into a denial-of-service attack tool"

A bit scary, but I think it may not be as bad as it sounds. People can already lock various accounts to deny service illegitimately, kill internet service if someone is suspected of piracy, etc. So this threat is nothing new, it's just a bit evolved. I'm sure there would be widespread backlash if it happened too often in an unauthorized manner.

I guess the question to be asked is which risk do we prefer.

]]>
2013-06-28T19:13:27Z2013-06-28T19:13:27Ztag:www.schneier.com,2013:/blog//2.4872-comment:1547660Comment from Natanael L on 2013-06-28Natanael Lhttps://roamingaroundatrandom.wordpress.com/
Here in EU (or at least most of it) you can already get phones remotely disabled (at least the GSM part) if you report it to the police and provide the IMEI serial number.]]>
2013-06-28T19:02:22Z2013-06-28T19:02:22Ztag:www.schneier.com,2013:/blog//2.4872-comment:1547640Comment from Nicholas Weaver on 2013-06-28Nicholas Weaver
Apple is adding this on-their-own: a user can lock their device so it can't be reactivated without their login, and (possibly) keep find-my-iphone working even after a phone wipe.